Federal Agencies Implement Software Supply Chain Risk Management Solutions

    NetRise launches a new managed software supply chain risk management solution for federal agencies, enhancing compliance with cybersecurity directives. The Department of the Navy mandates the use of Orion’s C-SCRM capabilities, reflecting increased federal prioritization of DevSecOps and software supply chain integrity.

    Cybersecurity and Infrastructure Security Agency, National Institute of Standards and Technology, Department of the Navy

    Key Signals

    • NetRise launches managed software supply chain risk solution for federal agencies.
    • Department of the Navy mandates Orion as authorized DevSecOps platform for enterprise.
    • Navy standardizes C-SCRM services to enhance procurement practices.

    "Asc3nd has built our federal practice around closing that visibility gap, and NetRise gives our customers the binary-derived evidence and provenance intelligence to move from compliance theater to real, scalable risk management."

    Sarn Gabriel Bien-Aime, Founder & CEO, Asc3nd Technologies Group

    Background and Context
    In today's rapidly evolving digital landscape, managing software supply chain risks has emerged as a critical priority for federal agencies. In response to increasing cybersecurity threats, the Cybersecurity and Infrastructure Security Agency (CISA), under directives like BOD 26-04, has been emphasizing the need for robust cybersecurity measures within software supply chains. This push aligns with key executive orders focusing on both artificial intelligence and post-quantum cryptography, which highlight the necessity for federal entities to adopt innovative solutions for upholding security standards.

    Recognizing this imperative, NetRise, in partnership with Asc3nd Technologies Group, has launched a comprehensive managed software supply chain risk management offering that specifically caters to federal agencies. This solution plays a pivotal role in helping agencies assess, prioritize, and mitigate risks throughout the software acquisition lifecycle. By leveraging advanced binary-derived evidence and intelligence, agency stakeholders can transition from basic compliance exercises to effective risk management strategies that are scalable and impactful.

    Procurement Implications
    The Department of the Navy’s recent decision to designate the Orion DevSecOps platform and its Cyber-Supply Chain Risk Management (C-SCRM) capabilities as mandatory enterprise IT services marks a significant advancement in federal procurement practices. By standardizing software development and supply chain monitoring, the Navy is creating a unified framework that fosters improved security outcomes across its operational domains. The implications of this mandate are profound, as they will not only streamline processes but also significantly heighten the demand for integrated DevSecOps and C-SCRM solutions across the defense contracting community.

    The convergence of NetRise's offering with the Navy's procurement landscape signals a burgeoning opportunity for contractors that specialize in providing advanced cybersecurity solutions, particularly those focused on software supply chain integrity. With the acknowledgment of the need for structured and robust risk management frameworks, procurement professionals must stay attuned to these enhancements and recalibrate their approaches to aligning agency acquisitions with federal mandates.

    Strategic Partnerships and Market Evaluation
    As part of its strategic expansion in the federal market, NetRise has entered a partnership with Accenture, aiming to integrate its solutions into broader cybersecurity frameworks. This strategic alignment not only enhances NetRise’s capabilities but also establishes a more comprehensive ecosystem for federal agencies seeking compliance and security in their software supply chains. Moreover, the partnership with Acc3nd Technologies Group underscores a collaborative approach in addressing visibility gaps in risk management, further solidifying NetRise’s position in the market.

    Procurement professionals and contractors are therefore advised to meticulously evaluate emerging opportunities stemming from these developments. With the Navy's standardization of the Orion platform at Impact Level 5 and below, there is a clear signal for heightened demand in integrated DevSecOps service offerings. Furthermore, the ongoing evolution of federal compliance requirements presents prospects for agile companies capable of innovating within the realms of software risk management and compliance solutions.

    Key Highlights:

    • NetRise introduced a managed software supply chain risk management offering for federal agencies, improving compliance with federal cybersecurity directives.
    • The Navy has mandated the Orion DevSecOps platform as the only authorized Git-based development environment at Impact Level 5 and below, promoting standardization in software development practices.
    • Strategic partnerships, such as with Accenture, enable NetRise to enhance its integration into broader cybersecurity platforms, bringing comprehensive solutions to federal agencies.
    • Procurement professionals should proactively align acquisition strategies with the evolving requirements posed by the Navy's mandates and emerging industry standards.
    • The federal push towards operationalizing software supply chain risk management hints at growing opportunities for contractors specializing in cybersecurity, DevSecOps, and risk mitigation solutions.
    • According to industry leaders, advancing from compliance theater to real, scalable risk management poses significant implications for federal procurement practices, as emphasized by Sarn Gabriel Bien-Aime, CEO of Asc3nd Technologies Group.